UK & EU Privacy Policy

  • Introduction

    • Your privacy matters to us and we ensure that we comply with applicable privacy rules (including the General Data Protection Regulation and Data Protection Act 2018) when storing, processing or using your data.

      It’s important to us that you understand which data we collect, and how we use it, so that you can make informed decisions about providing your data to us. This privacy notice (also sometimes referred to as a “Fair Processing Notice”) has been written to help you to do that.

      In this notice “we” and “us” refers to the Liberis Limited and its respective subsidiary and/or affiliated group companies.  Liberis Limited is the data controller for the purpose of the General Data Protection Regulation and Data Protection Act 2018. We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Privacy Notice. You can find details of our registered address, as well as how to contact our Data Protection Officer with questions regarding data protection or privacy, at the end of this notice.

      As Liberis Limited is based in the United Kingdom, we have appointed Liberis Sweden AB (company number 559205-5494) to be our representative within the EEA. Their contact details are Kungsgatan 8, 111 43 Stockholm.

      Many of the individuals about whom we collect personal data provide it to us as representatives of a company or other legal entity that they own or that they are engaged by.  References to “your business”, “your account”, “your application”, “your enquiry” and other similar terms below, are deemed to include references to the business, account, application, or enquiry of the entity that you have submitted an application on behalf of.

  • The data we collect

    • You’re free to browse our website without providing us with any personal information. Please review the section below on our use of Cookies.

    • Data we collect, and how we use it

      We always ensure that we have a fair and legal basis for processing your data. In most cases, we will use your data in the following ways:

      • To enable us to take actions required for us to provide you with our product and related services (for example, to pay agreed funds into your account).
      • To enable us to meet our legal obligations (for example, getting proof of your identity to meet our anti-money laundering obligations).
      • To understand (including through use and training of tools supported by artificial intelligence (AI) how customers use our products so we improve the products and services we provide.
      • To provide internal training sessions to ensure that we are constantly learning and improving.
      • If we have your consent to use your information for a specified purpose (e.g. to send you marketing emails).
      • We generally do not collect sensitive personal data (also known as special categories of personal data), however where we do the legal basis is that it is in the substantial public interest (for example, to support you if you are or become a vulnerable customer).

  • Credit Check Notice

    • Please note that by making an application for our product, Liberis will share the information you submit with credit and fraud prevention agencies for the purposes of carrying out credit checks and fraud related searches on the business(es) and individual(s) referenced in your application. Please see below for more detail on this.

      Below we have set out our lawful bases for processing your data at various stages in your journey with us, alongside our purposes for processing your data.

      You can find out more about the various lawful bases for processing on the ICO website, https://ico.org.uk/, if this terminology is unclear.

  • Data you provide directly to us

        Categories of Data

      • Your business name (depending on the type and size of the business, this may not be personal data)

      • Information regarding the industry or sector in which your business operates (depending on the type and size of the business, this may not be personal data)
      • Details about your business’ financial revenues.(depending on the type and size of the business, this may not be personal data)

      • Personal information of directors/shareholders/Persons of Significant Control of your Limited company or, in the case of sole traders and partnerships, the proprietor(s) of your business:

        Name

        Address

        Date of birth

        Home ownership

        Identity documents

      • Email address
      • Business phone number
      • Intended use of funds
      • Bank account details
      • Bank Statements
      • The personal data you submit in your application to us
      • Open Banking authorisation and Open Banking Data
      • VAT (or similar sales tax) information
      • Our correspondence and communications with you
      • Your product payment records
      • Publicly Accessible Information
      • Personal data of those working for Liberis’ suppliers or vendors: name and business contact details (email address, phone number), confirmation of your identity (a copy of your passport or driving licence), your function (title, position, name of company), financial information (bank account details), complaints information (if relevant) and security information (CCTV footage, swipe card information etc.). If you intend to provide us with personal data about other individuals (e.g. your colleagues), you must provide a copy of this Privacy Notice to the relevant individuals.
      • Medical information
      • Email and phone numbers

    • Data we collect indirectly or from third parties

      • We collect a variety of data about you from third parties.  This includes the data listed below and may include other data that we notify you about from time to time.

        Categories of Data
      • Credit history. Identity details. In both cases relating to you, your business, and its directors
      • Financial transaction details that have been processed by your processor
      • Various data
      • Company registration information, and published accounts
      • Technical information regarding your device
      • Your device IP address
      • Landlord References
      • Land Registration Details
      • Other publicly available information

    • Sharing data with third parties

      • In the process of providing you with a quote, in reviewing your application for one of our products, and in performing the contracts that we enter into with you, we may share your data with third parties. Details of these third parties are below. We will only share data with third parties where it is lawful for us to do so.

        • We may share your details with Credit Reference Agencies if you apply for one of our products to assess your application and determine eligibility for our funding products. We may also share your information with Credit Reference Agencies on an ongoing basis whilst you still have a funding product with us (and for up to 9 months once you have paid your funding product in full) for the purposes of (a) assessing whether you may be eligible to receive a further funding product from us, (b) monitoring customers who are underperforming. For customers in the UK, this data will be used in accordance with the Small and Medium-Sized Business (Credit Information) Regulations 2015 and Small Business Enterprise and Employment Act 2015. Should you require further information regarding the use of data by Credit Reference Agencies in the UK, they have provided a shared document regarding their use of personal data – you can find it here: https://www.equifax.co.uk/crain.html.
        • We share your data with our funding providers for their monitoring purposes and such in order that we comply with the terms of our agreements with them.
        • We share your data with ComplyAdvantage, Dun & Bradstreet, Cribis, and CreditSafe, KBIG (and ERIF and CRIF) and Credit Info, Equifax and Alloy (and similar or replacement providers)  in order to carry out anti-money laundering checks and/or to carry out credit checks.
        • We may share details of any breach of the terms of your agreement with us with credit reference agencies. In the case of a limited liability entity, we may report the directors and/ or shareholders and/or guarantors of such entity with credit reference agencies concerning any breach of the terms of your agreement with us.
        • We share your data with Facebook so that we can create custom audiences for advertising campaigns. Facebook also process your data to measure the performance of advertising campaigns
        • We use Sagepay and Go Cardless to store and process payment details only
        • In the event of payment default, we may send your details to Azzurro (UK), Shire Recoveries, Intrum and other debt purchaser and collectors or service providers who will represent us in collecting any outstanding debts.
        • We hold customer data on the Salesforce Cloud platform. Salesforce do not use or look at your data, but their servers do hold the data.
        • We hold customer data on the Microsoft Azure Cloud platform, Salesforce Cloud, Google Cloud Platform, Braze and other similar providers. Microsoft do not use or look at your data, but their servers do hold the data.
        • We will share your information with Fraud Prevention agencies such as CIFAS, and we (or they) may also allow law enforcement agencies to access and use this personal data to detect, investigate, and prevent crime. For more information on how CIFAS will use your information, please see the below CIFAS Fair Processing Notice.
        • We will share data where we are required to do so to comply with applicable laws and directions from regulatory bodies, government bodies or law enforcement agencies.
        • We use Intercom to engage with existing and new visitors to the Liberis websites through an online chat.  .
        • We use New Voice Media (Vonage) and Gong to store and processing recordings of our calls with you.
        • If your details were provided to us by a third party or one of our partners (such as a financial broker, your card provider or via a referral website) then we may provide updates regarding the status of your application back to them, and updates on the status of any product we provide you with, as well as your transaction data and details of any complaints you may make.
        • If your details were provided to us by a third party or partner (such as a financial broker, your payment processor or service provider) then we may provide updates regarding and relating to the status of your application back to them, and updates on the status of any product we provide you with.
        • We may also share your data with our partners for fraud prevention purposes and for safeguarding economic well-being purposes where (in line with our Vulnerable Customer Policy) we identify you as a vulnerable customer. Where required for regulatory compliance purposes, we will update our third party service providers (including Modulr) that we have identified you as a vulnerable customer. 
        • If our business (or the majority of our company assets) is acquired by another party, your information will be part of the transfer of assets.
        • If we sell or buy any business or assets, we may share your data with the prospective buyer or seller.
        • Where we engage with third parties for the purposes of raising investment, we may provide data on a strictly need-to-know basis for due diligence purposes.
        • We share your business name and contact details with other organisations that may offer you services of interest to you – but only if you explicitly provide us with permission to do so.
        • We may share your data with other Liberis group companies for the purposes of managing your account.
        • We may share your data with our selected Partners and other third parties where you have confirmed to us that you would like to hear from such third parties about their products and services.

        We also disclose your data in the following circumstances:

        Service Providers

        We work with various third-party service providers:

        • We share your information with payment processors and e-wallet service providers (including Modulr and Airwallex) that process financial transactions on your behalf.
        • We share your data with Commscoach for training and communications monitoring purposes.
        • We work with Open banking providers in order to access data about your financial status in order to evaluate your application, underwrite you for funding and calculate amounts owed to us.
        • We use cloud computing providers to store your data, and to help us process your application efficiently.
        • We may use third parties (e.g. mailing houses) to send you marketing or account information on our behalf. To do this we would need to provide them with your name and address or email address at a minimum.
        • We use a third-party help and support system to help us respond to your questions quickly when you’re using our website, your data are shared here only when you request assistance.
        • We may use third party contact centres to help us contact you by phone, and we would need to pass your information to them to enable them to reach you. They will additionally record the information that you provide to them and pass it back to us.
        • We may use third party operational fulfilment centres to process some parts of your application.
        • We use cloud based electronic signature providers during our application process, we will provide all details required to produce your contract to these providers in order to provide you with this service.
        • We use a service provider who provides multi-touch attribution reporting and other services for us. This third party may have access to, or process Personal Data or Client Data as part of providing those services for us.

        We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.

      • Information outside of the EEA

        Liberis is an international company with operations in and outside of the EU and EEA, this includes the US. Some of our external third party service providers are also based outside the European Economic Areas (EEA). If we are required to transfer your personal data out of the EEA or the UK, we ensure a similar degree of protection is afforded to it by:

        • only transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
        • or using standard contractual clauses approved by the European Commission which give personal data the same protection it has in Europe and the UK.

        If you would like further information on how we safeguard your information, please contact us at dataprotection@liberis.com

      • Non-Personally Identifiable Information

        We may make non-personally identifiable information available to third parties for various purposes. This data maybe automatically collected and would be analysed to create an aggregated view of the data, ensure the reported information was anonymous.

    • Retention of your data

      • We’ll keep your data only for as long as we need to – that time period may be different in different circumstances. Here are our most common scenarios:

        We’ll keep records of any financial transactions, and details regarding the information that you provided to us while making an application for one of our products, for a minimum of 6 years from the end of our relationship with you. We need to do this so that we can respond to any complaints or disputes.

        We’ll keep the information that’s needed to provide you with the service that you’ve requested for as long as it takes us to provide the services and for 6 years from termination of the contract for provision of the services.

        If you’ve asked us not to use your details for marketing purposes, we will need to keep some details to make sure our systems and processes reflect your preferences. We will implement your opt-out request as quickly as possible. However, you may receive emails for up to 30 days, or marketing by post for up to 60 days, following your opt-out request. This is because our marketing campaigns are usually prepared about a month in advance, and it is often not feasible to remove an individual’s details after this point.

        In addition, we will retain any data about you which we need in order to comply with our legal obligations (for example applicable UK tax law require us to hold onto data for a minimum of 6 years).

        If we no longer need your data, we will delete it or make it anonymous by removing all details that identify you.

    • Consequences of processing

      • Should you choose not to provide us with your personal data, we will not be able to assess your eligibility for one of our products, and we will be unable to enter into a contract with you.

        If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.

        A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us – you’ll find all of our details in the “Contacting us” section of this notice.

    • Your rights

      • Under the General Data Protection Regulation and UK privacy laws you have a number of important rights free of charge. In summary, those include rights to:

        • access to your personal data and to certain other supplementary information that this Policy is already designed to address
        • require Us to correct any mistakes in your information which We hold
        • require the erasure of personal data concerning you in certain situations – this is not an absolute right and is only applicable in certain circumstances.
        • receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
        • object at any time to processing of personal data concerning you for direct marketing
        • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
        • object in certain other situations to our continued processing of your personal data
        • otherwise, restrict our processing of your personal data in certain circumstances
        • where consent is our lawful basis for processing your personal data, withdraw such consent
        • claim compensation for damages caused by our breach of any data protection laws.

        For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the General Data Protection Regulation.

        If you would like to contact us about any of the rights we’ve described above, please send your query to: dataprotection@liberis.co.uk and we will reply within the legal time limits, where applicable.

    • Automated decisions

      • As part of the processing of your personal data, decisions may be made by automated means.

        We make automated decisions based on the information that you provide, and that we gather from third parties, as part of your application to determine your financial profile. Automated decisioning is the process of determining whether to approve an application for funding without the use of a manual underwriter. Instead a series of scorecards, rules and algorithms are used to make this decision automatically without any human intervention. In addition to determining whether an applicant is approved for funding the results of the automated decisioning could also drive the size of the advance a customer is able to take and the size of the fee associated with it.

        This means that we may use automated decisions to provide you with a price reflecting your profile. The outcome of these automated decisions may mean that we do not approve your application for one of our products, or that our pricing is adjusted based on the information we have.

        These automated decisions use a statistical process, including machine learning techniques based on your historical transactions,  aggregated business banking information and historical credit performance as a business and as an owner of a business (details you have provided and/or publicly available information). If you are an existing customer, the automated decisions will also take into account your performance of previous/current contractual obligations.

        We may also automatically decide that you pose a fraud risk if our processing reveals your behaviour to be consistent with that of known fraudsters; or if there is evidence that attempts have been made to conceal your true information.

        You have the right to request manual decision making in place of automated decision making. If you would like more information in relation to automated decision making or if you would like to request that your application is referred for a manual decision:  please contact us at dataprotection@liberis.co.uk.

    • Data security

      • The security of your information is important to us and we will do our best to protect your data.

        Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.

        Once you provide the information to us, we store this information on our secure servers, and we have implemented reasonable administrative, technical, and physical security measures to protect against the unauthorised access, destruction or alteration of your information based on its sensitivity.

        Liberis operates its production infrastructure inside MS Azure datacentres and Salesforce cloud, we operate a change management process to implement changes inside these environments. Our production infrastructure is subject to an annual penetration test by a 3rd party, with defined timescales for any remediation actions required. We are also ISO27001:2013  certified.

        Our Azure environments are protected against DDOS attacks and common attack patterns at the Azure edge, additionally, we plan to implement an IDS/IPS solution into our production environment with the logs from these network devices being fed into a 24/7 SIEM solution.

        In our corporate environment we run regular vulnerability scans and remediate accordingly to our policy documentation.

    • Our use of cookies

      • We use cookies to help provide you a great experience when using our website. A cookie is a small text file that is stored on your computer (or whichever device you use to access this website) that is unique to you, to help us tell you apart from other visitors when you move between pages, or when you come back. Details of our Cookies Policy can be found here.

    • Children

      • Our products are not for children and to qualify, you must be over eighteen (18) years of age. You must make sure the details provided by you on registration or at any time are correct and complete. You must inform us immediately of any changes to the information that you provided when registering by updating your personal details.

    • Changes to this privacy notice

      • We may amend this notice from time to time; should amendments be made they will be posted to our website.

    • How to complain

      • We hope that we can resolve any query or concern you raise about our use of your information.

        The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.

        The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or by telephone at 0303 123 1113.

        The supervisory authority in Sweden is the Datainspektionen who may be contacted at https://www.datainspektionen.se/kontakta-oss/ or by telephone at (+46) 86576100.

        The supervisory authority in Germany is Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit wo can be contacted at https://formulare.bfdi.bund.de/lip/form/display.do?%24context=999D15C2A0F6F5885A9B or by telephone at (+49) 2289977990.

    • Contacting us

      • Should you wish to contact us with any questions or concerns you may have regarding our privacy notice, to request any amendments to the data we hold about you, or to exercise any of your other rights listed in this notice, you can contact our Data Protection Officer using any of the following methods:

      • Email

        You can contact our Data Protection Officer via email using the following address: dataprotection@liberis.com

      • Post

        You can write to our Data Protection Officer at the following address:

        Data Protection Officer
        Liberis Ltd
        Scale Space Building,
        58 Wood Lane,
        London W12 7RZ

    • For UK, CIFAS Fair Processing Notice

      • General
        1. Before we provide services to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
        2. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
        3. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, and device identifiers including IP address.
        4. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
        5. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
        6. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
      • Automated Decisions
        1. As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details above.
      • Consequences of Processing
        1. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
        2. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
      • Data Transfers
        1. Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
      • Your Rights
        1. Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
        2. For more information or to exercise your data protection rights, please contact us using the contact details above.
        3. You also have a right to complain to the Information Commissioner’s Office (or your equivalent local privacy regulator), which regulates the processing of personal data.

    Last Updated: 20 November 2024